Indeed, GoBD and GDPR seem to contradict each other:
The GDPR requires a purpose for the storage of personal data and its deletion if such purpose does not exist (anymore).
The GoBD deals with the retention of documents in order to comply with tax obligations.
Important: The GoBD does not stipulate if certain documents should be retained, only how. The "if" - the obligation to keep accounts and records - results from a variety of commercial and tax law regulations.
The GoBD does not set any time limits for the retention of data but merely states: If there are obligations to retain data, such data must be retained in a certain way.
The GDPR does not contain any concrete time limits for the retention or subsequent deletion, either. It rather stipulates general principles of storage limitation and data minimization: According to Art. 5 GDPR, data may only be stored for as long as it is necessary and appropriate for a previously defined, clear and legitimate purpose; such purpose can also consist of precisely those storage obligations that GoBD deals with.
In other words: If there's a legal obligation (e.g. pursuant to tax law) to keep records, the GoBD stipulates how to keep those records and, pursuant to Art. 5 GDPR, such legal obligation legitimizes the retention of data (i.e. the individual may not request the deletion of data for the legal retention period).
Therefore, GoBD and GDPR are not really competing sets of rules. The applicable test is:
Is there a tax law obligation to retain documents?
Do the GDPR principles of storage limitation and data minimization require that documents be deleted?
It's possible that not all data of a document is relevant for the purpose of storage. In such cases, one solution is to redact certain information in the document to comply with both GoBD and GDPR. In order to avoid an (unreasonable) individual case examination for each document, some DMS apply a deletion concept based on e.g. legal retention periods.